Add SOCKS5 support for SOCKS5_ATYP_NAME bind address. Closes nmap#2365

mzet- · Dec 20, 2021 · 2ce7e07 · 2ce7e07
1 parent fcc5654
commit 2ce7e07
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/CHANGELOG b/CHANGELOG
@@ -3,6 +3,9 @@
 o [Ncat] Fix hostname/certificate comparison and matching to handle ASN.1
   strings without null terminators, a similar bug to OpenSSL's CVE-2021-3712.
 
+o [Ncat][GH#2365] Added support for SOCKS5 proxies that return bind addresses
+  as hostnames, instead of IPv4/IPv6 addresses. [pomu0325]
+
 Nmap 7.92 [2021-08-07]
 
 o [Windows] Upgraded Npcap (our Windows raw packet capturing and

diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
@@ -660,7 +660,7 @@ static int do_proxy_socks5(void)
     size_t addrlen;
     char addrstr[INET6_ADDRSTRLEN];
     size_t bndaddrlen;
-    char bndaddr[16 + 2]; /* IPv4/IPv6 address and port */
+    char bndaddr[SOCKS5_DST_MAXLEN + 2]; /* IPv4/IPv6/hostname and port */
     size_t remainderlen;
     char* remainder;
 
@@ -919,6 +919,14 @@ static int do_proxy_socks5(void)
     case SOCKS5_ATYP_IPv6:
         bndaddrlen = 16 + 2;
         break;
+    case SOCKS5_ATYP_NAME:
+        if (socket_buffer_readcount(&stateful_buf, socksbuf, 1) < 0) {
+            loguser("Error: malformed request response from proxy.\n");
+            close(sd);
+            return -1;
+        }
+        bndaddrlen = (unsigned char)socksbuf[0] + 2;
+        break;
     default:
         loguser("Error: invalid proxy bind address type.\n");
         close(sd);